Snort mailing list archives

Re: rule sets on CVS


From: Bob Van Cleef <vancleef () microunity com>
Date: Thu, 6 Sep 2001 09:13:58 -0700 (PDT)


On Wed, 5 Sep 2001, Ramin Alidousti wrote:

> On Wed, Sep 05, 2001 at 05:12:25PM -0700, Bob Van Cleef wrote:
>
> > I would like to set up a script to routinely download and replace
> > the rule sets.  Has anyone else done so?
>
> Excuse my paranoia but is it wise to do so? How difficult is it to
> poison such a download? Maybe it's impossible; I've not thought about
> it thoroughly but just the idea of an automatic replacement of such
> an important thing seems scary to me.
>
> Ramin

It should be relatively easy to verify things.  For one thing, someone
would have to poison the CVS source that everyone is using, which should
be uncovered rather quickly.  

Is there any difference between manually running a CVS update and running
it through a script?  I can't imagine that everyone runs a full suite of
regression tests every time they update their copy of source from CVS.

Maybe that is the solution, develop some regression tests for snort. But,
the paranoid would point out that the corrupter would simply need to ensure
that the corrupted version would pass the published regression tests.....

From my perspective, I am more likely to maintain an up-to-date set of
rules if I can automate their installation.  If it takes 20 minutes to
manually download, edit and install an updated rule set, that means I most
likely will not get to it on a regular basis.

Bob
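
An added example, not part of the original message or of the Snort project: one way to gate a scripted rule update is to compare the downloaded rule set with the installed one by `sid`, and to hold the install for manual review when the update removes or disables rules or brings in `pass` rules. The function names and the sample rules below are constructed for illustration.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
ACTION_RE = re.compile(r"(alert|log|pass|activate|dynamic)\s")

def parse_rules(text):
    """Map sid -> (enabled, rule body), including commented-out rules."""
    rules = {}
    for line in text.splitlines():
        stripped = line.strip()
        body = stripped.lstrip("#").strip()
        m = SID_RE.search(body)
        if m and ACTION_RE.match(body):
            rules[int(m.group(1))] = (not stripped.startswith("#"), body)
    return rules

def review_update(old_text, new_text):
    """Classify every sid-level difference between installed and downloaded rules."""
    old, new = parse_rules(old_text), parse_rules(new_text)
    report = {"removed": [], "disabled": [], "changed": [], "added": [], "new_pass": []}
    for sid, (was_on, body) in old.items():
        if sid not in new:
            report["removed"].append(sid)
        elif was_on and not new[sid][0]:
            report["disabled"].append(sid)
        elif new[sid][1] != body:
            report["changed"].append(sid)
    for sid, (on, body) in new.items():
        if sid not in old:
            report["added"].append(sid)
        # A pass rule that is new or rewritten suppresses alerts, so surface it.
        if on and body.startswith("pass") and old.get(sid, (None, None))[1] != body:
            report["new_pass"].append(sid)
    return report

def safe_to_install(report):
    """Auto-install only if the update does not reduce detection coverage."""
    return not (report["removed"] or report["disabled"] or report["new_pass"])

# Constructed sample rule sets (not real Snort rules).
INSTALLED = """\
alert tcp any any -> any 80 (msg:"constructed web rule"; content:"/cmd.exe"; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"constructed ftp rule"; content:"SITE EXEC"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"constructed dns rule"; content:"version"; sid:1000003; rev:1;)
"""
DOWNLOADED = """\
alert tcp any any -> any 80 (msg:"constructed web rule"; content:"/cmd.exe"; nocase; sid:1000001; rev:2;)
# alert tcp any any -> any 21 (msg:"constructed ftp rule"; content:"SITE EXEC"; sid:1000002; rev:1;)
pass ip 192.0.2.0/24 any -> any any (sid:1000004;)
"""

if __name__ == "__main__":
    report = review_update(INSTALLED, DOWNLOADED)
    print(report, "install" if safe_to_install(report) else "hold for manual review")
```

An update that only adds or revises alert rules passes the gate, so routine updates still install unattended while coverage-reducing ones wait for a person.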

